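<#
.SYNOPSIS
    Applies "modules" (JSON *.conf files under a modules.d folder) to the local Windows machine:
    hosts-file blocking, outbound firewall rules, scheduled-task/feature/service/app removal, registry edits.
.DESCRIPTION
    Each module file is a JSON document with a "name" and an "actions" array. Every action carries an
    "action" field naming one of the functions below and the parameters that function expects
    (for example host/file, ip/file, name/file, path/key/value/type). Actions are dispatched only
    through the allowlist in $ACTIONS, never evaluated as free-form PowerShell.
    Must be run from an elevated session (#requires -RunAsAdministrator).
.PARAMETER dir
    Folder that holds the *.conf module files. Defaults to "modules.d".
.PARAMETER module
    Path of a single module file to process instead of the whole folder.
#>
[cmdletbinding()]
param (
    [string]$dir = "modules.d",
    [string]$module
)

#requires -RunAsAdministrator

Import-Module NetSecurity  # Useful to manipulate firewall rules
Set-StrictMode -Version 2

# NOTE: the original `$PSDefaultParameterValues=@{$dir = "./modules.d"}` keyed the table by the
# *value* of $dir and therefore never matched any cmdlet parameter; the param() default above is
# the only default that ever applied, so that line was dropped.

$HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
$HOST_IP = "0.0.0.0"
$ErrorActionPreference = "Stop"
$ProgressPreference = "SilentlyContinue"

# Functions a module file may name in its "action" field. ProcessModuleFile refuses anything else.
$ACTIONS = @(
    'BlockHost', 'FwBlockOutputIP', 'FwBlockProgram', 'RemoveScheduledTask',
    'AddRegKey', 'DelRegKey', 'DisableFeature', 'UninstallModernApp',
    'UninstallModernProvisonnedApp', 'DisableService', 'KillProcess', 'DelFile', 'ExecCommand'
)

#######################################
# Reads a list file used by the file= form of an action.
# Arguments: $file - path of the list file
# Outputs:   one trimmed, non-empty line per entry (blank lines are skipped so they do not
#            turn into actions on an empty name)
#######################################
function ReadListFile {
    param([string]$file)
    return @(Get-Content $file | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' })
}

#######################################
# Expands $env:NAME and ${env:NAME} references inside a string taken from a module file.
# Only environment variable references are substituted; no other PowerShell syntax in the
# string is evaluated (the previous Invoke-Expression-based expansion executed whatever the
# module file contained).
# Arguments: $text - string possibly containing env references
# Outputs:   the expanded string; unknown variables expand to ""
#######################################
function ExpandEnvReferences {
    param([string]$text)
    $evaluator = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m)
        $name = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
        $value = [Environment]::GetEnvironmentVariable($name)
        if ($null -eq $value) { '' } else { $value }
    }
    return [regex]::Replace($text, '\$env:(\w+)|\$\{env:([^}]+)\}', $evaluator)
}

#Thanks to https://gist.github.com/markembling/173887
#######################################
# Adds a "0.0.0.0<tab><tab>hostname" entry to the hosts file.
# Arguments: $params - @{host=...} for one entry, or @{file=...} for a list of hostnames
# Globals:   $HOST_FILE, $HOST_IP (read)
#######################################
function BlockHost {
    param(
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    if ( $params.ContainsKey('file') ) {
        foreach ($line in ReadListFile $params.file) {
            BlockHost -params @{host=$line}
        }
    }
    if ( $params.ContainsKey('host') -and $params.host -ne "" ) {
        Write-Host -NoNewline "`t$($params.host) : "
        try {
            if ( ! $(IsHostAlreadyBlocked $HOST_FILE $params.host) ) {
                $HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE
            } else {
                Write-Host -ForegroundColor Yellow "already blocked "
                return
            }
        } catch {
            Write-Host -ForegroundColor Red "error"
            return
        }
        Write-Host -ForegroundColor Green "done"
    }
}

#######################################
# Tests whether a hostname already appears in a hosts file.
# Arguments: $filename - hosts file path
#            $hostname - name to look for
# Returns:   $true if any non-comment line lists the name (lines may hold several names
#            separated by tabs or spaces, which the previous tab-only split missed)
#######################################
function IsHostAlreadyBlocked {
    param([string]$filename, [string]$hostname)
    foreach ($line in Get-Content $filename) {
        $entry = $line.Trim()
        if ($entry -eq '' -or $entry.StartsWith('#')) { continue }
        $bits = [regex]::Split($entry, "\s+")
        if ($bits.Count -gt 1 -and ($bits[1..($bits.Count - 1)] -contains $hostname)) {
            return $true
        }
    }
    return $false
}

#######################################
# Creates an outbound "Blacklist_<ip>" firewall rule blocking the given remote address.
# Arguments: $params - @{ip=...} for one address, or @{file=...} for a list
#######################################
function FwBlockOutputIP {
    param( [object]$params )
    if ( $params.ContainsKey('file') ) {
        foreach ($line in ReadListFile $params.file) {
            FwBlockOutputIP @{"ip"="$line"}
        }
    } elseif ( $params.ContainsKey('ip') ) {
        Write-Host -NoNewline "`t$($params.ip) : "
        if ( Get-NetFirewallRule -Name Blacklist_$($params.ip) -ErrorAction SilentlyContinue ) {
            Write-Host -ForegroundColor Yellow "already blacklisted"
            return
        }
        try {
            New-NetFirewallRule -Name Blacklist_$($params.ip) -DisplayName "BlackList $($params.ip)" `
                -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null
        } catch {
            Write-Host -ForegroundColor Red "error"
            return
        }
        Write-Host -ForegroundColor Green "done"
    } else {
        Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
    }
}

#######################################
# Placeholder: blocking a program through the firewall is not implemented yet.
# Arguments: $params - action parameters (ignored)
#######################################
function FwBlockProgram {
    [cmdletbinding(DefaultParameterSetName='params')]
    param (
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    # TODO: not implemented; only prints a marker so the action is visible in the run log.
    Write-Host " Test"
}

#######################################
# Unregisters a scheduled task.
# Arguments: $params - @{name=...; path=...} (path optional), or @{file=...} for a list of names
#######################################
function RemoveScheduledTask {
    [cmdletbinding(DefaultParameterSetName='params')]
    param (
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    if ( $params.ContainsKey('file') ) {
        ReadListFile $params.file | ForEach-Object { RemoveScheduledTask @{name=$_} }
    } elseif ( $params.ContainsKey('name') ) {
        # Splatting replaces the previous Invoke-Expression of a string built from the module
        # file, so a task name cannot inject PowerShell.
        $lookup = @{ TaskName = $params.name; ErrorAction = 'Stop' }
        if ($params.ContainsKey('path') -and $params.path -ne '') {
            $lookup.TaskPath = $params.path
        } else {
            $params.path = ""
        }
        try {
            $task = Get-ScheduledTask @lookup
            Write-Host -NoNewline "`tRemove task $($params.name) : "
            $task | Unregister-ScheduledTask -ErrorAction SilentlyContinue -Confirm:$false
            Write-Host -ForegroundColor Green "done"
        } catch [Microsoft.PowerShell.Cmdletization.Cim.CimJobException] {
            Write-Host -ForegroundColor Yellow "`tScheduled Task $($params.path)$($params.name) not found"
        } catch {
            Write-Host -NoNewLine -ForegroundColor Red "`tError in RemoveSheduledTask`n`t"
            Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
        }
    } else {
        Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
    }
}

#######################################
# Creates or overwrites a registry value, creating the key path if needed.
# Arguments: $params - @{path=...; key=...; value=...; type=...}; value defaults to "", type to DWord
#######################################
function AddRegKey {
    param(
        [Parameter(Mandatory=$true)]
        [object]$params
    )
    if ( -not $params.ContainsKey('path') -or -not $params.ContainsKey('key') ) {
        Write-Host -ForegroundColor Red -NoNewline "Error in AddRegKey : no path, key or value`n"
        return
    }
    if ( -not $params.ContainsKey('value') ) { $params.value = "" }
    if ( -not $params.ContainsKey('type') -or $params.type -eq "" ) { $params.type = "DWord" }
    Write-Host -NoNewline "`t$($params.key) reg key to $($params.value) : "
    if ( -not (Test-Path $params.path) ) {
        Write-Host -NoNewline "- creating path - "
        try {
            New-Item -Path $params.path -Force | Out-Null
        } catch {
            Write-Host -NoNewLine -ForegroundColor Red "Error`n`t"
            Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
            return
        }
    }
    try {
        Set-ItemProperty -Path $params.path -Name $params.key -Value $($params.value) -Type $params.type -Force
        Write-Host -ForegroundColor Green "done"
    } catch [System.Security.SecurityException] {
        Write-Host -ForegroundColor Red "Error (access denied)"
    } catch {
        Write-Host -NoNewLine -ForegroundColor Red "`tError`n`t"
        Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
    }
}

#######################################
# Removes a registry value.
# Arguments: $params - @{path=...; key=...}
# Note: the previous version referenced undefined $path/$key (a strict-mode error on every
# call) and misspelled -ForegroundColor in both catch blocks; both fixed here.
#######################################
function DelRegKey {
    param(
        [Parameter(Mandatory=$true)]
        [object]$params
    )
    if ( -not $params.ContainsKey('path') -or -not $params.ContainsKey('key') ) {
        Write-Host -ForegroundColor Red "Error in DelRegKey : no path or key"
        return
    }
    Write-Host -NoNewline "`tDelete registery key $($params.key) : "
    if ( ! (Test-Path $params.path) ) {
        Write-Host -ForegroundColor Red " Error path not found"
        return
    }
    try {
        Remove-ItemProperty -Path $params.path -Name $params.key
        Write-Host -ForegroundColor Green "done"
    } catch [System.Security.SecurityException] {
        Write-Host -ForegroundColor Red "Error in DelRegKey`n`t"
        Write-Host -ForegroundColor DarkRed "Access to $($params.path)\$($params.key) denied"
    } catch {
        Write-Host -ForegroundColor Red -NoNewLine "Error in DelRegKey`n`t"
        Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
    }
}

#######################################
# Disables an optional Windows feature through DISM (no restart).
# Arguments: $params - @{name=...} for one feature, or @{file=...} for a list
#######################################
function DisableFeature {
    [cmdletbinding(DefaultParameterSetName='params')]
    param (
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    if ( $params.ContainsKey('file') ) {
        ReadListFile $params.file | ForEach-Object { DisableFeature @{name=$_} }
    } elseif ( $params.ContainsKey('name') ) {
        $feature = $(dism /online /Get-FeatureInfo /FeatureName:$($params.name) /English)
        # DISM prints "Feature Name : <name>"; an absent line means the feature is unknown.
        $name = $feature | Select-String "Feature Name" | ForEach-Object { ($_ -split " : ")[1] }
        if (-not $name) {
            Write-Host -ForegroundColor Yellow "`tFeature $($params.name) not found"
            return
        }
        Write-Host -NoNewline "`tDisable Feature $name : "
        if ( $($feature | Select-String "state") -match "Disable" ) {
            Write-Host -ForegroundColor Yellow "already disable"
            return
        }
        try {
            Dism /online /Disable-Feature /FeatureName:$name /NoRestart | Out-Null
            Write-Host -ForegroundColor Green "done"
        } catch {
            Write-Host -ForegroundColor Red "error"
        }
    } else {
        Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
    }
}

#######################################
# Removes an installed AppX package for all users; optionally its provisioned package too.
# Arguments: $params - @{name=...} or @{file=...}; add removeProvisionned to also call
#            UninstallModernProvisonnedApp with the same parameters
#######################################
function UninstallModernApp {
    [cmdletbinding(DefaultParameterSetName='params')]
    param(
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    if ( $params.ContainsKey('file') ) {
        $pkgs = $(Get-AppxPackage -AllUsers).name
        $uninstall_list = ReadListFile $params.file
        $pkgs | Where-Object { $_ -in $uninstall_list } | ForEach-Object { UninstallModernApp @{name=$_} }
        $uninstall_list | Where-Object { $_ -notin $pkgs } | ForEach-Object {
            Write-Host -ForegroundColor Yellow "`tModern App $_ not installed"
        }
    } elseif ( $params.ContainsKey('name') ) {
        Write-Host -NoNewLine "`tUninstall $($params.name) : "
        try {
            # NOTE: substring match, kept for compatibility; a short name can match more packages
            # than intended. The file= form above already filters on exact names before calling here.
            $(Get-AppxPackage -AllUsers | Where-Object { $_.name -like "*$($params.name)*" } | Remove-AppxPackage)
            Write-Host -ForegroundColor Green "done"
        } catch {
            Write-Host -NoNewLine -ForegroundColor Red "Error `n`t"
            Write-Host -ForegroundColor DarkRed "Impossible to Uninstall. Is this a system one."
        }
    } else {
        Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
        return
    }
    if ( $params.ContainsKey('removeProvisionned') ) {
        UninstallModernProvisonnedApp $params
    }
}

#######################################
# Removes a provisioned AppX package so it is not installed for new user profiles.
# Arguments: $params - @{name=...} (exact DisplayName) or @{file=...} for a list
#######################################
function UninstallModernProvisonnedApp {
    [cmdletbinding(DefaultParameterSetName='params')]
    param(
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    if ( $params.ContainsKey('file') ) {
        $pkgs = $(Get-AppxProvisionedPackage -Online).DisplayName
        $list = ReadListFile $params.file
        $pkgs | Where-Object { $_ -in $list } | ForEach-Object { UninstallModernProvisonnedApp @{name=$_} }
        $list | Where-Object { $_ -notin $pkgs } | ForEach-Object {
            Write-Host -ForegroundColor Yellow "`tProvisionned App $_ not found"
        }
    } elseif ( $params.ContainsKey('name') ) {
        Write-Host -NoNewLine "`tUninstall Provisonned $($params.name) :"
        try {
            $(Get-AppxProvisionedPackage -Online | Where-Object { $_.DisplayName -eq $($params.name) }) |
                Remove-AppxProvisionedPackage -Online | Out-Null
            Write-Host -ForegroundColor Green "done"
        } catch {
            Write-Host -NoNewLine -ForegroundColor Red "`tError`n`t"
            Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
            return
        }
    } else {
        Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
    }
}

#######################################
# Stops a service and sets its startup type to Disabled.
# Arguments: $params - @{name=...} or @{file=...} for a list of service names
#######################################
function DisableService {
    [cmdletbinding(DefaultParameterSetName='params')]
    param (
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    if ( $params.ContainsKey('file') ) {
        $services = $(Get-Service).name
        $list = ReadListFile $params.file
        $services | Where-Object { $_ -in $list } | ForEach-Object { DisableService @{name=$_} }
        $list | Where-Object { $_ -notin $services } | ForEach-Object {
            Write-Host -ForegroundColor Yellow "`t Service $_ not found"
        }
    } elseif ( $params.ContainsKey('name') ) {
        try {
            $service = Get-Service -Name $params.name
            if ( -not $service ) {
                # The original call lacked the colour argument, so this branch itself threw.
                Write-Host -ForegroundColor Yellow "`t Service $($params.name) not found"
                return
            }
            Write-Host -NoNewline "`tDisable service $($params.name) : "
            # StartType is the enum name "Disabled"; comparing with "Disable" never matched.
            if ( $service.StartType -eq "Disabled" ) {
                Write-Host -ForegroundColor Yellow "already disabled"
                return
            }
            Stop-Service -InputObject $service -PassThru | Set-Service -StartupType disabled
            Write-Host -ForegroundColor Green "done "
        } catch {
            Write-Host -NoNewLine -ForegroundColor Red "`tError`n`t"
            Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
            return
        }
    } else {
        Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
    }
}

#######################################
# Stops every process with the given name.
# Arguments: $params - @{name=...}
#######################################
function KillProcess {
    [cmdletbinding(DefaultParameterSetName='params')]
    param(
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    Write-Host -NoNewLine "`tKilling $($params.name) : "
    $procs = @(Get-Process -Name $params.name -ErrorAction SilentlyContinue)
    if ( $procs.Count -eq 0 ) {
        Write-Host -ForegroundColor Yellow "Not started"
        return
    }
    try {
        Stop-Process -InputObject $procs
        Write-Host -ForegroundColor Green "Done"
    } catch {
        # Previously every failure here was reported as "Not started"; show the real reason.
        Write-Host -NoNewLine -ForegroundColor Red "Error`n`t"
        Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
    }
}

#######################################
# Deletes a file or folder. $env:NAME references in the path are expanded.
# Arguments: $params - @{path=...; recurse=$true|$false}
# Note: the previous version evaluated the path with Invoke-Expression (module content ran as
# code) and appended "-Recurse" without a space, so recursive deletes silently did nothing.
#######################################
function DelFile {
    [cmdletbinding(DefaultParameterSetName='params')]
    param (
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    $path = ExpandEnvReferences $params.path
    Write-Host -NoNewline "`tDelete $path : "
    if ( -not (Test-Path $path) ) {
        Write-Host -ForegroundColor Yellow "not found"
        return
    }
    $remove = @{ Path = $path; Force = $true }
    if ( $params.ContainsKey('recurse') -and $params.recurse -eq $true ) {
        $remove.Recurse = $true
    }
    try {
        Remove-Item @remove
        Write-Host -ForegroundColor Green "done"
    } catch {
        Write-Host -NoNewLine -ForegroundColor Red "Error`n`t"
        Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
    }
}

#######################################
# Starts an executable found at $params.path.
# Arguments: $params - @{path=...; arguments=...} (arguments optional)
#######################################
function ExecCommand {
    [cmdletbinding(DefaultParameterSetName='params')]
    param (
        [Parameter(ValueFromPipeline=$False, ParameterSetName="params", Position = 0)]
        [object]$params
    )
    Write-Host -NoNewline "`tExecute : $($params.path) : "
    if ( -not (Test-Path $params.path) ) {
        Write-Host -ForegroundColor Yellow "File not found"
        return
    }
    $start = @{ FilePath = $params.path }
    # An action without "arguments" used to fail under strict mode; only pass the list when given.
    if ( $params.ContainsKey('arguments') -and "$($params.arguments)" -ne '' ) {
        $start.ArgumentList = $params.arguments
    }
    try {
        Start-Process @start
        Write-Host -ForegroundColor Green "done"
    } catch {
        Write-Host -NoNewLine -ForegroundColor Red "Error in ExecCommand`n`t"
        Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
    }
}

#######################################
# Loads one module file and runs each of its actions through the $ACTIONS allowlist.
# Arguments: $path - module file path (pipeline input accepted)
# Globals:   $ACTIONS (read)
# A "file" element of an action is resolved relative to <module dir>\<module basename>\ and
# the action is skipped (not the whole module) if that file is missing.
#######################################
function ProcessModuleFile {
    param (
        [Parameter(Mandatory=$true, ValueFromPipeline=$True, ParameterSetName="path")]
        [string]$path
    )
    $item = Get-ChildItem $path
    try {
        $mod = Get-Content $item.FullName -Raw | ConvertFrom-Json
    } catch {
        Write-Host -ForegroundColor Red "Error While Loading JSON : $path `n`n"
        return
    }
    Write-Host -ForegroundColor White "`nProcess Module $($mod.name) `n"
    if ( -not ($mod.psobject.properties.name -contains 'actions') ) {
        Write-Host -ForegroundColor Yellow "`tModule $($mod.name) has no actions"
        return
    }
    $data_dir = Join-Path $item.DirectoryName $item.BaseName
    foreach ($entry in $mod.actions) {
        $current_action = @{}
        foreach ( $p in $entry.psobject.properties.name ) {
            $current_action[$p] = $entry.$p
        }
        $action_name = if ($current_action.ContainsKey('action')) { [string]$current_action.action } else { '' }
        # Dispatch only to known functions: module files are data, not code to Invoke-Expression.
        if ( $ACTIONS -notcontains $action_name ) {
            Write-Host -ForegroundColor Red "`tError in $($mod.name) : unknown action '$action_name'"
            continue
        }
        if ( $current_action.ContainsKey('file') ) {
            $action_file = Join-Path $data_dir $current_action.file
            if ( -not (Test-Path $action_file) ) {
                Write-Host -ForegroundColor Red "`tError in $($mod.name) : file $action_file not found"
                continue
            }
            $current_action.file = $action_file
        }
        & $action_name $current_action
    }
}

Write-Output "`nIt's time to kick ass and chew bubble gum"
Write-Output "_________________________________________`n"

# Registry drives created by this run (only those that did not already exist, e.g. HKCU is
# built in, and creating it again used to abort the script). They are removed in the finally block.
$created_drives = @()
$default_hive = Join-Path $env:SystemDrive "Users\Default\NTUSER.DAT"
$hive_loaded = $false
try {
    Write-Host -NoNewline "Mount Default user registery hive : "
    reg load "HKU\Default" $default_hive | Out-Null
    if ( $LASTEXITCODE -ne 0 ) { throw "reg load HKU\Default failed with exit code $LASTEXITCODE" }
    $hive_loaded = $true
    foreach ($drv in @(@{Name='HKU'; Root='HKEY_USERS'}, @{Name='HKCR'; Root='HKEY_CLASSES_ROOT'}, @{Name='HKCU'; Root='HKEY_CURRENT_USER'})) {
        if ( -not (Get-PSDrive -Name $drv.Name -ErrorAction SilentlyContinue) ) {
            New-PSDrive -PSProvider Registry -Root $drv.Root -Name $drv.Name | Out-Null
            $created_drives += $drv.Name
        }
    }
    Write-Host -ForegroundColor Green "done"
} catch {
    Write-Host -NoNewline -ForegroundColor Red "Error while mounting Registery`n`t"
    Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
    if ( $hive_loaded ) { reg unload "HKU\Default" 2>&1 | Out-Null }
    return
}

try {
    Write-Host "Folder to process : $module"
    if ( $module -and $( Test-Path $module ) ) {
        $module | ProcessModuleFile
    } else {
        Get-ChildItem -Path $dir -Filter "*.conf" | ForEach-Object { $_.FullName | ProcessModuleFile }
    }
} finally {
    # Unmount the registry even if an action threw, so HKU\Default is not left loaded.
    try {
        Write-Host -NoNewline "`nUnmount HKU and HKCR : "
        foreach ($name in $created_drives) { Remove-PSDrive -Name $name }
        reg unload "HKU\Default" 2>&1 | Out-Null
        Write-Host -ForegroundColor Green "done"
    } catch {
        Write-Host -NoNewline -ForegroundColor Red "Error`n`t"
        Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
    }
}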